Solved

What does this R0 line mean? / HijackThis Log

Posted on 2011-02-27
7
629 Views
Last Modified: 2013-12-06
Hi Friends

I have also found this R0 line on a HijackThis Log from a customer.
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

I know this is for Internet Explorers starting page and search assistant. But what does this line mean exactly? Where can I find more information’s about this line? Why is nothing behind the = ? I have also found some logs with Obfuscated. Is this Spyware? Because I have read this is a sign of spyware and difficult to remove such an infection.

Thank you very much
0
Comment
Question by:awawada
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 22

Assisted Solution

by:optoma
optoma earned 125 total points
ID: 34991399
Hi.
Some info regarding HJT
http://www.bleepingcomputer.com/tutorials/tutorial42.html#RDiag

That line is ok to the best of my knowledge :)

Upload the log to Hijackthis.de to be analyzed and there is an info button beside each line.
http://www.hijackthis.de/


>Apart from that, machine behaving ok?
0
 
LVL 4

Expert Comment

by:FastSi
ID: 34991407
"HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =" with nothing after it I assume it means your browser is not starting with any addon toolbars, I get the same result with nothing after = iwhen I do a scan and mines clean.

not sure about the Obfuscated
0
 
LVL 4

Assisted Solution

by:FastSi
FastSi earned 125 total points
ID: 34991423
Hijack this is by trendmicro so could also post on http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 18

Author Comment

by:awawada
ID: 34991468
@optoma
Hi optoma

after a long time. hope you are fine?
I know this Tutorial it's pretty good, but i dont find much infos about:
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

@FastSi
good idea with http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware .
Are you sure this has something to do with addon toolbars? Has this nothing to do with Internet Explorer Links folder with the Favorites?
0
 
LVL 35

Accepted Solution

by:
torimar earned 250 total points
ID: 34991918
If you launch IE, and go to the Favorites menu, you will see a folder called "Links" in that menu. If you delete it, it will be recreated automatically.

That is what the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName

controls. If "LinksFolderName=Links" the folder will be recreated, if "LinksFolderName=" it will not be recreated.
This is a popular registry tweak: http://www.pctools.com/guides/registry/detail/550/

"LinksFolderName=Links" is the default entry; as long as it is active, HJT does not include the key in its scan report. Once it is changed, HJT will report this.

You could easily let HJT fix the issue, but that may not be in the interest of your client if he/she intentionally applied this reg tweak.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34992197
Hi Awawada.
Been a while. All is fine, thankfully as ever! :)


0
 
LVL 18

Author Closing Comment

by:awawada
ID: 34993110
Thanks Friends!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question